GCVE - cpe:2.3:a:n/a:ansible-runner:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:ansible-runner:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Ansible Runner (`bb20317c-64c4-5178-9726-95b4f7956b46`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-4041`	vulnerable	2026-06-08 05:38:08.192233	Details available A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. Published: 2022-08-24T15:11:13.000Z Updated: 2024-08-03T17:16:03.408Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=2028074 https://access.redhat.com/security/cve/CVE-2021-4041 https://github.com/ansible/ansible-runner/commit/3533f265f4349a3f2a0283158cd01b59a6bbc7bd	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3702`	vulnerable	2026-06-08 05:33:53.460545	Details available A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality. Published: 2022-08-23T15:51:01.000Z Updated: 2024-08-03T17:01:07.921Z Open on db.gcve.eu Reference links https://github.com/ansible/ansible-runner/pull/742/commits https://bugzilla.redhat.com/show_bug.cgi?id=1977965 https://access.redhat.com/security/cve/CVE-2021-3702	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-3701`	vulnerable	2026-06-08 05:33:53.459291	Details available A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity. Published: 2022-08-23T15:50:47.000Z Updated: 2024-08-03T17:01:08.323Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1977959 https://access.redhat.com/security/cve/CVE-2021-3701 https://github.com/ansible/ansible-runner/issues/738 https://github.com/ansible/ansible-runner/pull/742/commits	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.